Ethan-Andrews/Exploitarium-Detections — reverse-engineered prompt
Reverse engineered prompt
Build me a clean detection repo for Microsoft Sentinel and Defender XDR that covers the Exploitarium anonymous disclosure. I want it to feel like a practical blue team pack, with KQL rules grouped by affected product, like libssh2, Splunk, RustDesk, 7 Zip, OpenVPN, VLC, curl, Next.js, PHP, Docker, Ghidra, ImageMagick, and the other items mentioned in the research.
Please make the rules easy to deploy and easy to understand. Each one should have a clear name, a short note on what suspicious behavior it catches, any known CVE mapping when there is one, and whether it is mainly for Windows, Linux, macOS, containers, network, or SaaS. Include broad hunting rules too, not just super specific PoC detections.
I also want a simple README that explains what this coverage is for, what products are included, how many rules there are, and which detections defenders should turn on first, especially the high risk libssh2 and Splunk ones. Keep it organized for real incident response use. If needed, look up current Microsoft KQL guidance online.
Want more depth? Deep Reverse